[PATCH 0/1] MR1170: wbemprox: Fix out-of-bounds access caused by codepoints above U+00FF.
For now, assume all Unicode codepoints in range U+0100 - U+10FFFF constitute a valid identifier. Note that we already do that for range U+0080 - U+00FF. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1170
From: Jinoh Kang <jinoh.kang.kr(a)gmail.com> For now, assume all Unicode codepoints in range U+0100 - U+10FFFF constitute a valid identifier. Note that we already do that for range U+0080 - U+00FF. --- dlls/wbemprox/wql.y | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/dlls/wbemprox/wql.y b/dlls/wbemprox/wql.y index 637eb6f05fa..ba33396ddeb 100644 --- a/dlls/wbemprox/wql.y +++ b/dlls/wbemprox/wql.y @@ -645,6 +645,11 @@ static const char id_char[] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, }; +static int is_idchar(WCHAR chr) +{ + return chr >= ARRAY_SIZE(id_char) || id_char[chr]; +} + struct wql_keyword { const WCHAR *name; @@ -802,9 +807,9 @@ static int get_token( const WCHAR *s, int *token ) for (i = 1; is_digit( s[i] ); i++) {} return i; default: - if (!id_char[*s]) break; + if (!is_idchar(*s)) break; - for (i = 1; id_char[s[i]]; i++) {} + for (i = 1; is_idchar(s[i]); i++) {} *token = keyword_type( s, i ); return i; } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1170
A test would be nice. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1170#note_12260
participants (3)
-
Hans Leidekker (@hans) -
Jinoh Kang
-
Jinoh Kang (@iamahuman)